https://bugs.openldap.org/show_bug.cgi?id=10215
Issue ID: 10215
Summary: [QUESTION] FIPS Validated password hashing
Product: OpenLDAP
Version: 2.4.54
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: 11tete11@gmail.com
Target Milestone: ---
Hi! We are in the process of a certification, and we are using the OpenLDAP of Ubuntu Pro FIPS 20.04, which is 2.4.54.
At some point the auditor asked us how the passwords are stored in LDAP, and we found this: https://github.com/openldap/openldap/tree/master/contrib/slapd-modules/passw...
It seems that that module does not use a FIPS validated library like the "openssl" that comes with Ubuntu FIPS, and makes its own implementation of sha512.
Is there any LDAP module that uses the openssl library of the OS, which in this case is openssl 1.1.1f, to hash its passwords? Could it be this https://github.com/openldap/openldap/tree/master/contrib/slapd-modules/passw... maybe, if I'm understanding right?
thx!
Quanah Gibson-Mount quanah@openldap.org changed:
What       |Removed       |Added
----------------------------------------------------------------------------
Keywords   |needs_review  |
Status     |UNCONFIRMED   |RESOLVED
Resolution |---           |INVALID
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org ---
The ITS system is for bug reports, not questions about the software. Questions such as this should be sent to the openldap-technical@openldap.org mailing list.
I would also note that OpenLDAP 2.4 is historic and not supported.
Quanah Gibson-Mount quanah@openldap.org changed:
What       |Removed       |Added
----------------------------------------------------------------------------
Status     |RESOLVED      |VERIFIED